Are Protected Members/Fields Really That Bad

Are protected members/fields really that bad?

Are protected members/fields really that bad?

No. They are way, way worse.

As soon as a member is more accessible than private, you are making guarantees to other classes about how that member will behave. Since a field is totally uncontrolled, putting it "out in the wild" opens your class and classes that inherit from or interact with your class to higher bug risk. There is no way to know when a field changes, no way to control who or what changes it.

If now, or at some point in the future, any of your code ever depends on a field some certain value, you now have to add validity checks and fallback logic in case it's not the expected value - every place you use it. That's a huge amount of wasted effort when you could've just made it a damn property instead ;)

The best way to share information with deriving classes is the read-only property:

protected object MyProperty { get; }

If you absolutely have to make it read/write, don't. If you really, really have to make it read-write, rethink your design. If you still need it to be read-write, apologize to your colleagues and don't do it again :)

A lot of developers believe - and will tell you - that this is overly strict. And it's true that you can get by just fine without being this strict. But taking this approach will help you go from just getting by to remarkably robust software. You'll spend far less time fixing bugs.

And regarding any concerns about performance - don't. I guarantee you will never, in your entire career, write code so fast that the bottleneck is the call stack itself.

Should you ever use protected member variables?

Should you ever use protected member variables?

Depends on how picky you are about hiding state.

  • If you don't want any leaking of internal state, then declaring all your member variables private is the way to go.
  • If you don't really care that subclasses can access internal state, then protected is good enough.

If a developer comes along and subclasses your class they may mess it up because they don't understand it fully. With private members, other than the public interface, they can't see the implementation specific details of how things are being done which gives you the flexibility of changing it later.

Is a superclass protected field which is only used in a subclass bad practice?

Not necessarily. If all the subclasses need the same field for the same reason, then that's no different than providing any other common functionality in a base class. as your classes grow you may find that you add common functionality which uses this field (e.g. referencing it in an equals/hashCode method).

Now, if the field is of type Object and each sub-class shoves something completely different into it, i would consider that a code smell.

Is it good practice to make member variables protected?

Encapsulation is one of the main features of OO. Encapsulating your data in classes means that users of the class can not break the class' data's invariants, because the class' state can only be manipulated through its member functions.

If you allow derived classes access to their base class' data, then derived classes need to take care to not to invalidate the base class' data's invariants. That throws encapsulation out of the window and is just wrong. (So do getters and setters, BTW.)

I find myself using protected less and less over the years, even for member functions. If a class fully implements a simple concept, then all of its state should be manipulatable through its public interface. If derived classes need "back doors" to sneak in, then I usually question my design. (Which isn't to say I never use protected. I just find I need it less and less.)

Private vs Protected - Visibility Good-Practice Concern

No, you're not on the right track. A good rule of thumb is: make everything as private as possible. This makes your class more encapsulated, and allows for changing the internals of the class without affecting the code using your class.

If you design your class to be inheritable, then carefully choose what may be overridden and accessible from subclasses, and make that protected (and final, talking of Java, if you want to make it accessible but not overridable). But be aware that, as soon as you accept to have subclasses of your class, and there is a protected field or method, this field or method is part of the public API of the class, and may not be changed later without breaking subclasses.

A class that is not intended to be inherited should be made final (in Java). You might relax some access rules (private to protected, final to non-final) for the sake of unit-testing, but then document it, and make it clear that although the method is protected, it's not supposed to be overridden.

Why protected member variables are considered an anti-pattern and should be replaced with private access fields?

It depends really. Without knowing what concrete reasons exist for a subclass to be able to access a field, its hard to argue what protection level is appropiate.

A big factor in the decision is if the class is intended for subclassing; if it isn't explicitly designed to be extensible then keeping its inner workings private is a reasonable default choice.

It gets hairy when the class is intended to be subclassed and the subclass needs to have some control over the base class.

If the subclass clearly needs to both read and write a field, then all that protected getters/setters for a private field can buy you, is:

a.) The possibility to validate and respond to improper use (e.g. by throwing) at the point where it occurs, not later. This can save a lot of time by avoiding scenarios where at one point a field is altered improperly, resulting in a problem much later in an unrelated place.

b.) The flexibiliy to alter the field representation without needing to change existing subclasses. I think thats a pretty rare case; if the field type can change and subclasses are tied closely to the base class, its unlikely you get away with just converting the representation in a getter/setter.

c.) If the subclass just needs to read a field, then its obvious that
just providing a getter defends against the subclass altering that field. No available setter clearly communicates that this member is not intended to be altered. If possible, making the field final can be an alternative to providing a protected getter.

There may be an alternative: package private access

Thats an option that is often overlooked. In many cases you want a base class providing the most generic implementation and then two or more variants that a user can extend from. The variations need to access the base class member, but the user derived subclasses shouldn't. Then package private is just the tool for the job.

Confusion on when to use private vs protected fields

You nailed it yourself: a good practice is to make everything 'private' by default. Then, your specific design may require for example to be able to use some attributes or (preferably) some methods inside a subclass. In that situation, you'll need to move them toward 'protected' - but only in that situation.

Remember that using the accessors (getters & setters) is perfectly ok, and can be done without breaking encapsulation.

Java protected fields vs public getters

If there's going to be a public getter anyway, why would you want to expose the field itself more widely than absolutely necessary? That means it's immediately writable by subclasses (unless it's final to start with).

Personally I like all my fields to be private: it provides a cleaner separation between API and implementation. I regard the relationship between a superclass and a subclass as similar to that of a caller and callee - changes to the underlying implementation shouldn't break subclasses any more than they should break callers. The name of a field is an implementation detail which shouldn't impact other classes.

Admittedly my view is occasionally seen as somewhat extreme...

C# protected property or field

Generally, you should use autoproperties - this allow you to easily add verification, or anything else you need later on. This is especially important if the protected member will be used by classes outside your assembly, as adding such code won't break your contract with them, whereas changing a field to a method or property will.

Should protected attributes always be banned?

In this interview on Design by Bill Venners, Joshua Bloch, the author of Effective Java says:

Trusting Subclasses


Bill Venners: Should I trust subclasses more intimately than
non-subclasses? For example, do I make
it easier for a subclass
implementation to break me than I
would for a non-subclass? In
particular, how do you feel about
protected data?

Josh Bloch: To write something that is both subclassable and robust
against a malicious subclass is
actually a pretty tough thing to do,
assuming you give the subclass access
to your internal data structures. If
the subclass does not have access to
anything that an ordinary user
doesn't, then it's harder for the
subclass to do damage. But unless you
make all your methods final, the
subclass can still break your
contracts by just doing the wrong
things in response to method
invocation. That's precisely why the
security critical classes like String
are final. Otherwise someone could
write a subclass that makes Strings
appear mutable, which would be
sufficient to break security. So you
must trust your subclasses. If you
don't trust them, then you can't allow
them, because subclasses can so easily
cause a class to violate its
contracts.

As far as protected data in general,
it's a necessary evil. It should be
kept to a minimum. Most protected data
and protected methods amount to
committing to an implementation
detail. A protected field is an
implementation detail that you are
making visible to subclasses. Even a
protected method is a piece of
internal structure that you are making
visible to subclasses.

The reason you make it visible is that
it's often necessary in order to allow
subclasses to do their job, or to do
it efficiently. But once you've done
it, you're committed to it. It is now
something that you are not allowed to
change, even if you later find a more
efficient implementation that no
longer involves the use of a
particular field or method.

So all other things being equal, you
shouldn't have any protected members
at all. But that said, if you have too
few, then your class may not be usable
as a super class, or at least not as
an efficient super class. Often you
find out after the fact. My philosophy
is to have as few protected members as
possible when you first write the
class. Then try to subclass it. You
may find out that without a particular
protected method, all subclasses will
have to do some bad thing.

As an example, if you look at
AbstractList, you'll find that there
is a protected method to delete a
range of the list in one shot
(removeRange). Why is that in there?
Because the normal idiom to remove a
range, based on the public API, is to
call subList to get a sub-List,
and then call clear on that
sub-List. Without this particular
protected method, however, the only
thing that clear could do is
repeatedly remove individual elements.

Think about it. If you have an array
representation, what will it do? It
will repeatedly collapse the array,
doing order N work N times. So it will
take a quadratic amount of work,
instead of the linear amount of work
that it should. By providing this
protected method, we allow any
implementation that can efficiently
delete an entire range to do so. And
any reasonable List implementation
can delete a range more efficiently
all at once.

That we would need this protected
method is something you would have to
be way smarter than me to know up
front. Basically, I implemented the
thing. Then, as we started to subclass
it, we realized that range delete was
quadratic. We couldn't afford that, so
I put in the protected method. I think
that's the best approach with
protected methods. Put in as few as
possible, and then add more as needed.
Protected methods represent
commitments to designs that you may
want to change. You can always add
protected methods, but you can't take
them out.

Bill Venners: And protected data?

Josh Bloch: The same thing, but even more. Protected data is even more
dangerous in terms of messing up your
data invariants. If you give someone
else access to some internal data,
they have free reign over it.

Short version: it breaks encapsulation but it's a necessary evil that should be kept to a minimum.


Related Topics

"Strange" C# Property Syntax

System.Drawing Out of Memory Exception

How to Make Chrome Headless After I Login Manually

How to Implement Custom Authentication in ASP.NET MVC 5

"Invalid Provider Type Specified" Cryptographicexception When Trying to Load Private Key of Certificate

How to Avoid Multiple Instances of Windows Form in C#

Could Not Find Installable Isam

What Is the Command to Exit a Console Application in C#

How to Get the Correct Ip from Http_X_Forwarded_For If It Contains Multiple Ip Addresses

Access Form Component from Another Class

Enable Ssl in Visual Studio

Automatically Start a Windows Service on Install

Creating a SQL Server Table from a C# Datatable

Multiple Aggregates/Repositories in One Transaction

Memcached with Windows and .Net

How to Embed Gecko or Webkit in a Windows Form Just Like a Webview

Disable Application Insights in Debug

Automated Property with Getter Only, Can Be Set, Why


Leave a reply



Submit